在密码学中,加密(英语:Encryption)是将明文信息改变为难以读取的密文内容,使之不可读。只有拥有解密方法的对象,经由解密过程,才能将密文还原为正常可读的内容。

密码学(Cryptology):研究信息系统安全保密的科学。它包含两个分支:
1. 密码编码学(Cryptography),对信息进行编码实现隐蔽信息的一门学问。
2. 密码分析学(Cryptanalytics),研究分析破译密码的学问。

虽然加密作为通信保密的手段已经存在了几个世纪,但是只有那些对安全要求特别高的组织和个人才会使用它。

在1970年代中期,“强加密”(Strong Encryption)的使用开始从政府保密机构延伸至公共领域,并且目前已经成为保护许多广泛使用系统的方法,比如因特网电子商务、手机网络和银行自动取款机等[1]。

加密可以用于保证安全性,但是其它一些技术在保障通信安全方面仍然是必须的,尤其是关于数据完整性和信息验证。例如,信息验证码(MAC)或者数字签名。另一方面的考虑是为了应付流量分析。

加密或软件编码隐匿(Code Obfuscation)同时也在软件版权保护中,用于对付反向工程,未授权的程序分析,破解和软件盗版及数字内容的数字版权管理(DRM)等。

加密软件

Name URL Description
TrueCrypt http://www.truecrypt.org/ Free open-source disk encryption software for Windows 7/Vista/XP, Mac OS X, and Linux
TCnext https://truecrypt.ch/ TCnext: Site dedicated to the next “truecrypt”
VeraCrypt https://veracrypt.codeplex.com/ VeraCrypt is a free disk encryption software brought to you by IDRIX (http://www.idrix.fr) and that is based on TrueCrypt.
The GNU Privacy Guard http://www.gnupg.org/ GnuPG is the GNU project's complete and free implementation of the OpenPGP standard as defined by RFC4880
AxCrypt http://www.axantum.com/axcrypt/ AxCrypt is the leading open source file encryption software for Windows.

SSL软件

Name URL Description
OpenSSL http://www.openssl.org/ OpenSSL is an open source project that provides a robust, commercial-grade, and full-featured toolkit for the Transport Layer Security (TLS) and Secure Sockets Layer (SSL) protocols.
PolarSSL https://polarssl.org/ SSL Library PolarSSL
mbed TLS https://tls.mbed.org/ mbed TLS (formerly known as PolarSSL) makes it trivially easy for developers to include cryptographic and SSL/TLS capabilities in their (embedded) products, facilitating this functionality with a minimal coding footprint.
CyaSSL https://github.com/cyassl/cyassl CyaSSL is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud
wolfSSL https://www.wolfssl.com/ wolfSSL (formerly CyaSSL) is a small, fast, portable implementation of TLS/SSL for embedded devices to the cloud. github
LibreSSL http://www.libressl.org/ LibreSSL is a version of the TLS/crypto stack forked from OpenSSL in 2014, with goals of modernizing the codebase, improving security, and applying best practice development processes.
BoringSSL https://boringssl.googlesource.com/boringssl/ BoringSSL is a fork of OpenSSL that is designed to meet Google’s needs.
GmSSL http://gmssl.org/ 支持国密SM2、SM3、SM4算法的OpenSSL分支 github
MatrixSSL http://www.matrixssl.org/ Lightweight Embedded SSL/TLS Implementation for IoT Devices github
Rustls https://github.com/ctz/rustls A modern TLS library in Rust

加密算法就是加密的方法。

加密算法可以分为两类:对称加密和非对称加密

在密码学中,加密是将明文信息隐匿起来,使之在缺少特殊信息时不可读。

对称加密就是将信息使用一个密钥进行加密,解密时使用同样的密钥,同样的算法进行解密。

非对称加密,又称公开密钥加密,是加密和解密使用不同密钥的算法,广泛用于信息传输中。

对称密钥加密

算法 密钥长度 块大小 说明
DES 56 64 Data Encryption Standard
3DES 56, 112, 168 64 Triple DES
AES 128, 192, 256 128 Advanced Encryption Standard
Twofish 128, 192, 256 128 -
Blowfish 1 ~ 448 64 -
IDEA 128 64 International Data Encryption Algorithm
RC4 4 ~ 2048 ? -
RC5 4 ~ 2040 32, 64, 128 -
RC6 128, 192, 256 128 -

非对称密钥加密

RSA、ElGamal、背包算法、Rabin(Rabin的加密法可以說是RSA方法的特例)、Diffie-Hellman (D-H) 密钥交换协议中的公钥加密算法、Elliptic Curve Cryptography(ECC, 椭圆曲线加密算法)。

http://www.secg.org/ - Standards for Efficient Cryptography Group
https://www.w3.org/TR/WebCryptoAPI/ - Web Cryptography API
https://w3c.github.io/webauthn/ - Web Authentication: A Web API for accessing scoped credentials
https://fidoalliance.org/ - FIDO Alliance
https://www.engelke.com/fluent/ - Web Cryptography Resources

https://www.w3.org/TR/WebCryptoAPI/ - Web Cryptography API
https://www.w3.org/TR/webauthn/ - Web Authentication: A Web API for accessing scoped credentials